ge0rg3 / stegonline
A web-based, accessible and open-source port of StegSolve.
Home Page: https://georgeom.net/StegOnline/
License: Do What The F*ck You Want To Public License
Let's assume that we want to encode 24 bits of data in a 2x2 image.
For now, 2 options are available in the Pixel Order list:
Altered bits (using a fictive 4 bits per channel image format, for readability):
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
Result on an actual image (200x163 image, 73kb of data):
Altered bits:
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
And here is my proposal: iterating over channels instead of rows or columns:
Altered bits:
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
This is an interesting feature as it better hides the data in the image (since it avoids visually seeing the difference between untouched and altered areas), and improves global image quality.
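The three traversal orders discussed in the issue above, as an added example that is not part of the original post or of StegOnline's code: it lists which pixels and how many bit rows are altered for the 24-bit, 2x2, 4-bits-per-channel case. The function names and the mapping of the diagrams to "row", "column" and "plane" order are assumptions.

```javascript
// Added example (not StegOnline code): enumerate which (pixel, channel, bit)
// slots an embedder would alter under three traversal orders.
// slotOrder/footprint and the reading of the diagrams are assumptions.
const CHANNELS = ['r', 'g', 'b'];

function slotOrder(order, width, height, bitsPerChannel) {
  const pixels = [];
  if (order === 'column') {
    for (let x = 0; x < width; x++)
      for (let y = 0; y < height; y++) pixels.push([x, y]);
  } else {
    for (let y = 0; y < height; y++)
      for (let x = 0; x < width; x++) pixels.push([x, y]);
  }
  const slots = [];
  if (order === 'plane') {
    // Proposed order: finish one bit row across every pixel before the next.
    for (let bit = 0; bit < bitsPerChannel; bit++)
      for (const [x, y] of pixels)
        for (const c of CHANNELS) slots.push({ x, y, c, bit });
  } else {
    // Row / column order: use every bit of a pixel before moving on.
    for (const [x, y] of pixels)
      for (let bit = 0; bit < bitsPerChannel; bit++)
        for (const c of CHANNELS) slots.push({ x, y, c, bit });
  }
  return slots;
}

function footprint(order, width, height, bitsPerChannel, payloadBits) {
  const all = slotOrder(order, width, height, bitsPerChannel);
  if (payloadBits > all.length) throw new RangeError('payload exceeds capacity');
  const used = all.slice(0, payloadBits);
  const pixels = new Set(used.map(s => `${s.x},${s.y}`));
  const bitRows = new Set(used.map(s => s.bit));
  return { pixels: [...pixels].sort(), bitRowsTouched: bitRows.size };
}

// The page's case: 24 bits into a 2x2 image with 4 bits per channel.
for (const order of ['row', 'column', 'plane'])
  console.log(order, footprint(order, 2, 2, 4, 24));
```

For an analyst, the plane order leaves no visibly altered region to spot; the change sits in the same few bit planes across the whole image, so those planes are the ones to inspect.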
When embedding a text into image "b" and then embedding image "b" into image "a", there's the following problem:
Image "b" can be extracted without any problem.
Image "b" will be saved as "PNG".
But then image "b" can't be opened again via "upload"; it freezes with "loading b..."
A bit strange: as a workaround it can be renamed to "JPG"; then it opens again and the text can also be extracted.
Several PNG images that I have tried to upload to view their bit planes at https://georgeom.net/StegOnline/upload are stuck loading. I have tried using different computers and different browsers to no avail.
Help would be appreciated. Thank you.
Despite being allowed by the uploader, images with the mime type image/tiff fail to load. There is no discernable error shown, or logged to the console. After starting upload, site reports "Loading filename.tiff..." indefinitely.
I ran into this stego at Defcon BioHacking Village CTF. I wasn't able to solve it on https://stegonline.georgeom.net/, but was able to on https://www.beautifyconverter.com/steganographic-decoder.php. Unfortunately, the site doesn't say how it extracts the message. I figured I'd leave it here in case you wanted to examine and add to the site features, which are awesome (thank you). Would be interested to know how it works.
Hi and thanks a lot for StegOnline!
Uploading images doesn't seem to work anymore.
With Chromium (Version 125.0.6422.141 (Official Build) Arch Linux (64-bit)):
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
upload:15
GET https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 net::ERR_BLOCKED_BY_CLIENT
upload:15 Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
With Firefox 126.0.1-1:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587. (Reason: CORS request did not succeed). Status code: (null).
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. StegOnline
Content-Security-Policy: The page’s settings blocked the loading of a resource (media-src) at data: because it violates the following directive: “default-src 'none'” StegOnline
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com” utils.js:42:10
Content-Security-Policy: The page’s settings blocked an event handler (script-src-attr) from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com” main.8bb952858e81895e632c.js:1:769340
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587. (Reason: CORS request did not succeed). Status code: (null).
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. upload